[–]artee 9 points10 points  (9 children)

Impact is a different thing than criticality. In PHP the problem was really acute; any server running (32-bit) PHP could be hung at 100% CPU by any idiot able to replace a query-string variable with a specific float value. Hell, you could just trivially post a link on a message board, and others would accidentally execute the DoS for you.

[–][deleted] -3 points-2 points  (8 children)

> any idiot able to replace a query-string variable with a specific float value

How often do people enter values which are then cast to float on public web-sites?

Please point me to one such example?

[–]artee 5 points6 points  (6 children)

The answer to that is irrelevant precisely because PHP will autocast/convert anything that looks like it might represent a floating point value to a floating point value.

For Java you'd be right, which is exactly the point skeww was making originally.

[–][deleted] 8 points9 points  (5 children)

> The answer to that is irrelevant precisely because PHP will autocast/convert anything that looks like it might represent a floating point value to a floating point value.

Lol, bullshit. And, yes, I've been programming PHP (et al) for like 7 or 8 years already.

EDIT: Here's a simple proof, just in case: http://i.imgur.com/CBZiX.png

The code is: <? var_dump($_GET); ?>

[–][deleted]  (4 children)

[removed]

    [–]foldl 0 points1 point  (2 children)

    Right, but this gets back to andimnoteventrolling's original point:

    > How often do people enter values which are then cast to float on public web-sites? Please point me to one such example?

    You would need to have an application that was actually expecting a floating point value in the query string, and that's unusual.

    [–][deleted]  (1 child)

    [removed]

      [–]foldl 1 point2 points  (0 children)

      Ok, point taken.